THE ULTIMATE VIRUS DETECTOR
---------------------------

Version 2.42. October 1993
Created by Daniel Hägg
All rights reserved.


COPYING THE ULTIMATE VIRUS DETECTOR

The Ultimate Virus Detector is FREEWARE. This means that it's FREE and
you can copy and use this program as much as you like as long as you
follow these simple rules:

1: When you copy The Ultimate Virus Detector, ALL files must be copied.
   You may not leave out ANY file, not even the Swedish documentation.

2: The files must remain unchanged. You may not modify ANY of the files
   in any way, not even this text-file. If you feel that the world
   needs to know something about this program the proper way to do it
   is to add a textfile of your own. DO NOT CHANGE THE DOCUMENTATION!

3: The Ultimate Virus Detector may NOT be sold for profit! The Ultimate
   Virus Detector may be distributed by PD libraries only as long as
   they don't charge more than £3 / $6 including disk and postage. If
   you have paid more, you should ask for your money back!


DISCLAIMER

You are using this program at your own risk! I, the author, cannot be
held responsible for any damage whatsoever caused by the use of this
program!


WHY USE A VIRUS DETECTOR?

How often do you check if your disks are infected by any viruses? Once
a day? Once a week? Once a month? If you examine all your disks once a
day and enjoy it, you will not need a virus detector, but the rest of
you probably do.

Immunizing all your disks will NOT protect you against viruses. There
are already several viruses which infect disks immunized with the "new"
immunization that Richard Karsmakers invented in 1989.


UVD, THE END OF ALL YOUR VIRUS PROBLEMS

The Ultimate Virus Detector, or UVD as I will call it from now on, is a
small accessory that always keeps an eye on your computer. If any virus
is detected, UVD will alert you and ask if you want to destroy it. This
is the easiest way to avoid problems with viruses.


A MULTI LANGUAGE PROGRAM

UVD supports both English and Swedish.
If you run UVD on a machine with Swedish TOS 1.4 or higher, all texts
will appear in Swedish; otherwise they will appear in English. This is
why you MUST always copy ALL files when you copy UVD!


BOOTING UP

When UVD is loaded into memory during boot up or when switching
resolution, it examines the computer to see if it is infected by any
virus. If your computer is infected you will hear a bell signal and the
screen will go red for a while (black on a mono monitor). If this ever
happens, you should turn the computer off and start again with another
diskette. There is nothing else to do when the virus already is
'inside' the computer! If you press the reset button the virus might
survive, so you should always turn the power switch off and wait at
least 30 seconds before turning it back on.

If your computer isn't infected the desktop will appear as usual.


SELECTING UVD FROM A DROPDOWN MENU

The first thing that will appear when you select UVD from the dropdown
menu is an alertbox with general information regarding UVD. If you
click on OK, UVD will examine the computer in the same way it did when
the system was booted, but this time it will report cases of doubt as
well. If a virus is found you should turn the power off as quickly as
you can. Wait at least 30 seconds and then start again with a safe
disk.

It is quite difficult to find a virus hidden 'inside' the computer,
especially if several memory resident programs are loaded. This is why
UVD sometimes cannot tell for sure if the computer is infected or not.
A typical message you can get is:

   "Warning ! There is a reset resident program in memory.
    It might be a virus!"

Most viruses are reset resident. This is why you should always turn the
power off if you want to get rid of a virus. Reset resident programs
are not very common, but they do exist! AMCGDOS and NVDI are two
examples and there are also several reset resident RAM-disks.
If you know that you have loaded a program that is reset resident you
can ignore this message. If you are unsure you can find out by removing
all the programs from your AUTO folder, perhaps by renaming all PRGs to
PRX. It could also be wise to rename all ACCs to ACX, except for UVD of
course. When you have done this, you should turn the power off and wait
for a while. When you turn the power on again there should be no reset
resident program in memory. If there is, it is most probably a virus!

   "WARNING !!! Program found outside TPA.
    The computer is probably infected by a virus."

No ordinary program installs itself outside TPA (TPA = Transient
Program Area = User RAM). Either it is an extremely 'ugly',
quick-and-dirty program, or it is a virus. It is MOST probably a virus!

If everything seems to be OK, you will get the following message:

   "Memory searched! No virus found."

What happens next is that UVD will ask you if you want to examine any
of your disks.


EXAMINING DISKS

Computer viruses can be divided into two different 'species': link
viruses and boot viruses.

Link viruses merge themselves into executable files, and are executed
each time that the program file is executed. One way to discover that a
program is infected by a link virus is if the program file suddenly
grows by a couple of hundred bytes. Otherwise link viruses are very
hard to discover. This version of UVD cannot discover link viruses.

Boot sector viruses are the easiest to recognize. They occupy the boot
sector on a disk. This sector should normally not contain any boot
program. The boot sector is only used by some games and demos and by
boot viruses. DO NOT ERASE THE BOOT PROGRAM ON A GAME OR A DEMO UNLESS
YOU ARE 100% SURE THAT IT IS A VIRUS.

UVD recognises some of the most common boot viruses. But since new
viruses keep appearing, UVD cannot recognise them all. If UVD finds a
boot program it doesn't recognise, it tries to figure out if it is a
virus by examining the machine code.

   "This disk looks like it's infected. But I cannot recognize
    the virus! Do you want to erase it?"

This message means that UVD has found a boot program that looks very
similar to a boot virus, and it most probably is one. But if you don't
dare to erase it, you could always make a backup copy of the disk
first.

   "There is something on the disk that might be a virus...
    Do you want to erase it?"

This message means exactly what it says. UVD has found something that
looks a bit, but not entirely, like a virus. It could be some sort of
virus protector such as the Medway Boys one. It could also be a rather
oddly programmed boot loader for a game or it could indeed be a virus!
It might be a good idea to do a backup before erasing the boot program.

   "There is a boot program on the disk, but it seems to be OK.
    Do you want to erase it anyway?"

This is probably a completely harmless boot program, at least if it is
found on a game or a demo. But if it suddenly appears on a disk which
has always been OK before, don't hesitate to erase it. There is always
a possibility that it is a virus.


THE WATCHDOG FUNCTION

A part of UVD is always active and keeps an eye on your disk drive(s).
If you insert a diskette which is infected with a known virus, UVD will
send a bell signal to alert you. If this happens, the best thing is to
select UVD from the dropdown menu to find out what is going on.


ANTI VIRUSES

UVD recognizes some of the so called 'anti viruses'. An 'anti virus' is
a virus which destroys 'real' viruses. If UVD detects an 'anti virus'
the best thing to do is to erase it. This is because it's very easy to
make a virus look like an 'anti virus'. And there is always a
possibility that some weird guy could have modified the 'anti virus' so
it might be dangerous to your computer system.


TECHNICAL DETAILS

UVD is written in 100% assembler. UVD occupies less than 10k of RAM, so
it will work fine with most programs on half-meg STs as long as you
don't try to run Calamus or something like that.
If you have one megabyte of memory or more you don't have to worry at
all.

The watchdog function uses the hdv_bpb vector to examine every disk you
insert. This is done using the XBRA standard.

As far as I know, UVD can detect all known viruses and works on all ST,
MEGA, STE, STacy and TT with any TOS version.

UVD doesn't work under MiNT with memory protection because it uses XBRA
to trace vectors!


UPDATES

UVD is FreeWare, but the easiest way to get all the updates is to send
a small donation to me. Bug-reports are also welcome, but don't forget
to mention which version you are using!

Daniel Hägg
Prästgatan 27A
S-77433 Avesta
Sweden

Internet: ep93dha@t.hfb.se
Fidonet: Daniel Hagg 2:204/428

Have fun!

-The Gambler-

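Added example for the EXAMINING DISKS section (not UVD's own code): a check for whether a boot sector holds a boot program at all, and a way to remove one while keeping the disk readable. It relies on the TOS rule, not stated in this text, that a 512-byte boot sector is executed only when its big-endian 16-bit words sum to $1234; the function names and the sample sector are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define BOOT_MAGIC  0x1234u   /* word sum that makes TOS run the sector */
#define CODE_START  0x1E      /* first byte after the BPB fields */

/* Sum the sector as 256 big-endian 16-bit words, modulo 65536. */
uint16_t boot_checksum(const uint8_t *s) {
    uint16_t sum = 0;
    for (int i = 0; i < SECTOR_SIZE; i += 2)
        sum = (uint16_t)(sum + (uint16_t)((s[i] << 8) | s[i + 1]));
    return sum;
}

/* 1 if TOS would execute this boot sector at boot time. */
int boot_is_executable(const uint8_t *s) {
    return boot_checksum(s) == BOOT_MAGIC;
}

/* Remove a boot program but keep the disk readable: the BPB
 * (offsets 0x0B-0x1D) is left alone, the branch and code area are
 * zeroed, and the last byte is flipped if the sum still hits the magic. */
void boot_disarm(uint8_t *s) {
    s[0] = s[1] = 0;
    memset(s + CODE_START, 0, SECTOR_SIZE - CODE_START);
    if (boot_is_executable(s))
        s[SECTOR_SIZE - 1] ^= 1;
}

/* Constructed sample: BRA.S to 0x1E, a bytes-per-sector BPB field,
 * filler "code", and a final word chosen so the sum is 0x1234. */
void make_sample(uint8_t *s) {
    memset(s, 0, SECTOR_SIZE);
    s[0] = 0x60; s[1] = 0x1C;            /* BRA.S +0x1C -> offset 0x1E */
    s[0x0C] = 0x02;                      /* bytes per sector = 512 (LE) */
    memset(s + CODE_START, 0x4E, 64);    /* filler standing in for code */
    uint16_t fix = (uint16_t)(BOOT_MAGIC - boot_checksum(s));
    s[510] = (uint8_t)(fix >> 8); s[511] = (uint8_t)fix;
}

int main(void) {
    uint8_t sec[SECTOR_SIZE];
    make_sample(sec);
    printf("before: executable=%d\n", boot_is_executable(sec));
    boot_disarm(sec);
    printf("after:  executable=%d\n", boot_is_executable(sec));
    return 0;
}
```

A sector that fails this check cannot be a boot virus, which is why data disks normally pass untouched; a sector that passes still needs the recognition step described above before anything is erased.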
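Added example for the TECHNICAL DETAILS section (not UVD's own code): tracing a vector such as hdv_bpb through its XBRA chain, where each handler is preceded by "XBRA", a 4-character id and the previous vector value. The memory image, the ids WDOG and RAMD, and the function names are constructed; $472 is the standard TOS address of hdv_bpb.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDV_BPB  0x472u    /* TOS system variable: "get BPB" vector */
#define MEM_SIZE 0x2000u   /* size of the constructed memory image */

static uint32_t be32(const uint8_t *m, uint32_t a) {
    return ((uint32_t)m[a] << 24) | (m[a + 1] << 16) | (m[a + 2] << 8) | m[a + 3];
}
static void put32(uint8_t *m, uint32_t a, uint32_t v) {
    for (int i = 0; i < 4; i++) m[a + i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Walk the chain hanging off `vec`. An XBRA handler is preceded by
 * 12 bytes: "XBRA", a 4-character id, and the previous vector value.
 * Stores the ids found, returns their count, and sets *end to the
 * first handler that carries no XBRA header. */
int xbra_trace(const uint8_t *m, uint32_t vec, char ids[][5], int max,
               uint32_t *end) {
    uint32_t h = be32(m, vec);
    int n = 0;
    while (n < max && h >= 12 && h <= MEM_SIZE &&
           memcmp(m + h - 12, "XBRA", 4) == 0) {
        memcpy(ids[n], m + h - 8, 4);
        ids[n++][4] = '\0';
        h = be32(m, h - 4);
    }
    *end = h;
    return n;
}

/* Constructed image: hdv_bpb -> "WDOG" at 0x1000 -> "RAMD" at 0x1800
 * -> 0x0800, a stand-in for the original TOS routine (no header). */
void make_image(uint8_t *m) {
    memset(m, 0, MEM_SIZE);
    put32(m, HDV_BPB, 0x1000);
    memcpy(m + 0x1000 - 12, "XBRAWDOG", 8); put32(m, 0x1000 - 4, 0x1800);
    memcpy(m + 0x1800 - 12, "XBRARAMD", 8); put32(m, 0x1800 - 4, 0x0800);
}

int main(void) {
    static uint8_t mem[MEM_SIZE];
    char ids[8][5]; uint32_t end;
    make_image(mem);
    int n = xbra_trace(mem, HDV_BPB, ids, 8, &end);
    printf("%d XBRA handlers, chain ends at 0x%04X\n", n, (unsigned)end);
    return 0;
}
```

The address where the chain ends is the interesting value for a detector: a handler with no XBRA header that sits in RAM rather than in TOS is an unidentified hook on the disk vector.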